CVE-2015-4410

https://notcve.org/view.php?id=CVE-2015-4410

20 Feb 2020 — The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string. El método Moped::BSON::ObjecId.legal? en rubygem-moped antes del commit dd5a7c14b5d2e466f7875d079af71ad19774609b, permite a atacantes remotos causar una denegación de servicio (consumo de recursos de worker) o llevar a cabo un ataque de tipo cross-s... • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161964.html • CWE-20: Improper Input Validation •